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WHAT IS CLAIMED IS: 

1 . An apparatus comprising : 
a plurality of network ports; 

a central processing unit (CPU) interface; and 
a controller to 

send, to the CPU interface, a request to approve an association between one of 
the network ports and a source media access control (MAC) address of a packet 
received on the one of the network ports when no request to approve the association 
between the one of the network ports and the source MAC address has been sent to 
the CPU interface, and 

send, to the CPU interface, the request to approve the association between the 
one of the network ports and the source MAC address when an approval for an 
association between the source MAC address and a different one of the network ports 
has been received from the CPU interface. 

2. The apparatus of claim 1, wherein the controller is ftolierto^etermine 
whether an association exists between any of the network ports and the source MAC address. 

3. The apparatus of claim 2, further comprising: 
a memory to store a forwarding database; and 

wherein to determine whether an association exists between any of the network ports 
and the source MAC address, the controller is further to search a forwarding database for the 
. source MAC address. 

4. The apparatus of claim 1, wherein the controller is further to determine 
whether no request to approve the association between the one of the network ports and the 
source MAC address has been sent to the CPU interface. 

5. The apparatus of claim 4, wherein, to determine whether no request to 
approve the association between the one of the network ports and the source MAC address 
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has been sent to the CPU interface, the controller is further to determine whether an 
unapproved association between the one of the network ports and the source MAC address 
exists. 

6. The apparatus of claim 5, wherein, to determine whether the unapproved 
association between the one of the network ports and the source MAC address exists, the 
controller is further: 

to determine whether the association between the one of the network ports and the 
source MAC address exists; and 

when the association between the one of the network ports and the source MAC 
address exists, to determine whether the association between the one of the network ports and 
the source MAC address is approved. 

7. The apparatus of claim 6, further comprising: 
a memory to store a forwarding database; and 

wherein, to determine whether the association between the one of the network ports 
and the source MAC address exists, the controller is further to search the forwarding 
database for an entry comprising the source MAC address. 

8. The apparatus of claim 7, wherein, to determine whether the association 
between the one of the network ports and the source MAC address is approved, the controller 
is further to determine whether an approval flag is set for the entry comprising the source 
MAC address. 

9. The apparatus of claim 1 , wherein the controller is further to create an 
unapproved association between the one of the network ports and the source MAC address. 

10. The apparatus of claim 9, wherein, to create the unapproved association 
between the one of the network ports and the source MAC address, the controller is further: 

to create the association between the one of the network ports and the source MAC 
address; and 
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to mark the association between the one of the network ports and the source MAC 
address as unapproved. 

1 1 . The apparatus of claim 1 0, further comprising: 
a memory to store a forwarding database; and 

wherein, to create the association between the one of the network ports and the source 
MAC address comprises, the controller is further to create an entry in the forwarding 
database, the entry identifying the one of the network ports and the source MAC address. 

12. The apparatus of claim 11, wherein, to mark the association between the one 
of the network ports and the source MAC address as unapproved, the controller is further to 
set an approval flag in the forwarding database for the entry. 

13. The apparatus of claim 12, wherein the controller is further: 

to receive, from the CPU interface, in response to the request to approve the 
association between the one of the network ports and the source MAC address, an approval 
of the association between the one of the network ports arid the source MAC address; and 

to clear the approval flag for the entry. 

14. The apparatus of claim 12, wherein the controller is further: 

to receive, from the CPU interface, in response to the request to approve the 
association between the one of the network ports and the source MAC address, a disapproval 
of the association between the one of the network ports and the source MAC address; and 

to delete the entry. 

15. The apparatus of claim 9, wherein the controller is further: 

to receive, from the CPU interface, in response to the request to approve the 
association between the one of the network ports and the source MAC address, an approval 
of the association between the one of the network ports and the source MAC address; and 

to approve the unapproved association between the one of the network ports and the 
source MAC address. 
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1 6. The apparatus of claim 9, wherein the controller is further: 

to receiving, from the CPU interface, in response to the request to approve the 
association between the one of the network ports and the source MAC address, a disapproval 
of the association between the one of the network ports and the source MAC address; and 

to delete the unapproved association between the one of the network ports and the 
source MAC address. 

17. The apparatus of claim 1, wherein the packet further comprises a destination 
MAC address, wherein the controller is further: 

to process the packet according to the destination MAC address when an association 
between the destination MAC address and a further one of the network ports exists and the 
association between the destination MAC address and the further one of the network ports 
has been approved; and 

to process the packet without regard to the destination MAC address when no 
association between the destination MAC address and any of the network ports exists; and 

to process the packet without regard to the destination MAC address when the 
association between the destination MAC address and the further one of the network ports 
exists but the association between the destination MAC address and the further one of the 
network ports has not been approved. 

1 8. The apparatus of claim 17, wherein, to process the packet according to the 
destination MAC address, the controller is further to cause the further one of the network 
ports to transmit the packet. 

19. The apparatus of claim 17, wherein to process the packet without regard to the 
destination MAC address, the controller is further to cause all of the network ports but the 
one of the network ports to transmit the packet. 

20. An integrated circuit comprising the apparatus of claim 1 . 
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21. A network switch comprising the apparatus of claim 1 . 

22. The network switch of claim 2 1 , wherein the network switch is an Ethernet 
network switch. 

23. The network switch of claim 21, further comprising: 
a CPU in communication with the CPU interface. 

24. An apparatus comprising: 
a plurality of network port means; 

central processing unit (CPU) interface means; and 
controller means for 

sending, to the CPU interface means, a request to approve an association 
between one of the network port means and a source media access control (MAC) 
address of a packet received on the one of the network port means when no request to 
approve the association between the one of the network port means and the source 
MAC address has been sent to the CPU interface means, and 

sending, to the CPU interface means, the request to approve the association 
between the one of the network port means and the source MAC address when an 
approval for an association between the source MAC address and a different one of 
the network port means has been received from the CPU interface means. 

25. The apparatus of claim 24, wherein the controller means is further for 
determining whether an association exists between any of the network port means and the 
source MAC address. 

26. The apparatus of claim 25, further comprising: 
memory means for storing a forwarding database; and 

wherein, for determining whether an association exists between any of the network 
port means and the source MAC address, the controller means is further for searching a 
forwarding database for the source MAC address. 
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27. The apparatus of claim 24, wherein the controller means is further for 
determining whether no request to approve the association between the one of the network 
port means and the source MAC address has been sent to the CPU interface means. 

28. The apparatus of claim 27, wherein, for determining whether no request to 
approve the association between the one of the network port means and the source MAC 
address has been sent to the CPU interface means, the controller means is further for 
determining whether an unapproved association between the one of the network port means 
and the source MAC address exists. 

29. The apparatus of claim 28, wherein, for determining whether the unapproved 
association between the one of the network port means and the source MAC address exists, 
the controller means is further for: 

determining whether the association between the one of the network port means and 
the source MAC address exists; and 

when the association between the one of the network port means and the source MAC 
address exists, determining whether the association between the one of the network port 
means and the source MAC address is approved. 

30. The apparatus of claim 29, further comprising: 
memory means for storing a forwarding database; and 

wherein, for determining whether the association between the one of the network port 
means and the source MAC address exists, the controller means is further for searching the 
forwarding database for an entry comprising the source MAC address. 

3 1 . The apparatus of claim 30, wherein, for determining whether the association 
between the one of the network port means and the source MAC address is approved, the 
controller means is further for determining whether an approval flag is set for the entry 
comprising the source MAC address. 
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32. The apparatus of claim 24, wherein the controller means is further for creating 
an unapproved association between the one of the network port and the source MAC address. 

33. The apparatus of claim 32, wherein, for creating the unapproved association 
between the one of the network port means and the source MAC address, the controller 
means is further for: 

creating the association between the one of the network port means and the source 
MAC address; and 

marking the association between the one of the network port means and the source 
MAC address as unapproved. 

34. The apparatus of claim 33, further comprising: 
memory means for storing a forwarding database; and 

wherein, for creating the association between the one of the network port means and 
the source MAC address comprises, the controller means is further for creating an entry in 
the forwarding database, the entry identifying the one of the network port means and the 
source MAC address. 

35. The apparatus of claim 34, wherein, for marking the association between the 
one of the network port means and the source MAC address as unapproved, the controller 
means is further for setting an approval flag in the forwarding database for the entry. 

36. The apparatus of claim 35, wherein the controller means is further for: 
receiving, from the CPU interface means, in response to the request to approve the 

association between the one of the network port means and the source MAC address, an 
approval of the association between the one of the network port means and the source MAC 
address; and 

clearing the approval flag for the entry. 

37. The apparatus of claim 35, wherein the controller means is further for: 
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receiving, from the CPU interface means, in response to the request to approve the 
association between the one of the network port means and the source MAC address, a 
disapproval of the association between the one of the network port means and the source 
MAC address; and 

deleting the entry. 

38. The apparatus of claim 32, wherein the controller means is further for: 
receiving, from the CPU interface means, in response to the request to approve the 

association between the one of the network port means and the source MAC address, an 
approval of the association between the one of the network port means and the source MAC 
address; and 

approving the unapproved association between the one of the network port means and 
the source MAC address. 

39. The apparatus of claim 32, wherein the controller means is further for: 
receiving, from the CPU interface, in response to the request to approve the 

association between the one of the network port means and the source MAC address, a 
disapproval of the association between the one of the network port means and the source 
MAC address; and 

deleting the unapproved association between the one of the network port means and 
the source MAC address. 

40. The apparatus of claim 24, wherein the packet further comprises a destination 
MAC address, wherein the controller means is further for: 

processing the packet according to the destination MAC address when an association 
between the destination MAC address and a further one of the network port means exists and 
the association between the destination MAC address and the further one of the network port 
means has been approved; and 

processing the packet without regard to the destination MAC address when no 
association between the destination MAC address and any of the network port means exists; 
and 
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processing the packet without regard to the destination MAC address when the 
association between the destination MAC address and the further one of the network port 
means exists but the association between the destination MAC address and the further one of 
the network port means has not been approved. 

41. The apparatus of claim 40, wherein, for processing the packet according to the 
destination MAC address, the controller means is further for causing the further one of the 
network port means to transmit the packet. 

42. The apparatus of claim 40, wherein, for processing the packet without regard 
to the destination MAC address, the controller means is further for causing all of the network 
port means but the one of the network port means to transmit the packet. 

43. An integrated circuit comprising the apparatus of claim 24. 

44. A network switch comprising the apparatus of claim 24. 

45. The network switch of claim 44, wherein the network switch is an Ethernet 
network switch. 

46. The network switch of claim 44, further comprising: 
CPU means in communication with the CPU interface means. 

47. A method for a switch comprising a plurality of network ports and a central 
processing unit (CPU) interface: 

receiving, on one of the network ports, a packet comprising a source media access 
control (MAC) address; 

sending, to the CPU interface, a request to approve an association between the one of 
the network ports and the source MAC address when no request to approve the association 
between the one of the network ports and the source MAC address has been sent to the CPU 
interface; and 
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sending, to the CPU interface, the request to approve the association between the one 
of the network ports and the source MAC address when an association between the source 
MAC address and a different one of the network ports has been approved. 

48. The method of claim 47, further comprising: 

determining whether an association exists between any of the network ports and the 
source MAC address. 

49. The method of claim 48, wherein determining whether an association exists 
between any of the network ports and the source MAC address comprises: 

searching a forwarding database for the source MAC address. 

50. The method of claim 47, further comprising: 

determining whether no request to approve the association between the one of the 
network ports and the source MAC address has been sent to the CPU interface. 

5 1 . The method of claim 50, wherein determining whether no request to approve 
the association between the one of the network ports and the source MAC address has been 
sent to the CPU interface comprises: 

determining whether an unapproved association between the one of the network ports 
and the source MAC address exists. 

52. The method of claim 5 1 , wherein determining whether the unapproved 
association between the one of the network ports and the source MAC address exists 
comprises: 

determining whether the association between the one of the network ports and the 
source MAC address exists; and 

when the association between the one of the network ports and the source MAC 
address exists, determining whether the association between the one of the network ports and 
the source MAC address is approved. 
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53. The method of claim 52, wherein determining whether the association 
between the one of the network ports and the source MAC address exists comprises: 

searching a forwarding database for an entry comprising the source MAC address. 

54. The method of claim 53, wherein determining whether the association 
between the one of the network ports and the source MAC address is approved comprises: 

determining whether an approval flag is set for the entry comprising the source MAC 
address. 

55. The method of claim 47, further comprising: 

creating an unapproved association between the one of the network ports and the 
source MAC address. 

56. The method of claim 55, wherein creating the unapproved association 
between the one of the network ports and the source MAC address comprises: 

creating the association between the one of the network ports and the source MAC 
address; and 

marking the association between the one of the network ports and the source MAC 
address as unapproved. 

57. The method of claim 56, wherein creating the association between the one of 
the network ports and the source MAC address comprises: 

creating an entry in a forwarding database, the entry identifying the one of the 
network ports and the source MAC address. 

58. The method of claim 57, wherein marking the association between the one of 
the network ports and the source MAC address as unapproved comprises: 

setting an approval flag for the entry. 

59. The method of claim 58, further comprising: 
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receiving, from the CPU interface, in response to the request to approve the 
association between the one of the network ports and the source MAC address, an approval 
of the association between the one of the network ports and the source MAC address; and 

clearing the approval flag for the entry. 

5 

60. The method of claim 58, further comprising: 

receiving, from the CPU interface, in response to the request to approve the 
association between the one of the network ports and the source MAC address, a disapproval 
of the association between the one of the network ports and the source MAC address; and 
10 deleting the entry. 

6 1 . The method of claim 55, further comprising: 

receiving, from the CPU interface, in response to the request to approve the 
association between the one of the network ports and the source MAC address, an approval 
15 of the association between the one of the network ports and the source MAC address; and 

approving the unapproved association between the one of the network ports and the 
source MAC address. 

62. The method of claim 55, further comprising: 

20 receiving, from the CPU interface, in response to the request to approve the 

association between the one of the network ports and the source MAC address, a disapproval 
of the association between the one of the network ports and the source MAC address; and 
deleting the unapproved association between the one of the network ports and the 
source MAC address. 

25 

63. The method of claim 47, wherein the packet further comprises a destination 
MAC address, further comprising: 

processing the packet according to the destination MAC address when an association 
between the destination MAC address and a further one of the network ports exists and the 
30 association between the destination MAC address and the further one of the network ports 
has been approved; and 
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processing the packet without regard to the destination MAC address when no 
association between the destination MAC address and any of the network ports exists; and 

processing the packet without regard to the destination MAC address when the 
association between the destination MAC address and the further one of the network ports 
exists but the association between the destination MAC address and the further one of the 
network ports has not been approved. 

64. The method of claim 63, wherein processing the packet according to the 
destination MAC address comprises: 

transmitting the packet from the further one of the network ports. 

65. The method of claim 63, wherein processing the packet without regard to the 
destination MAC address comprises: 

transmitting the packet from all of the network ports but the one of the network ports. 

66. A computer program embodying instructions executable by a computer for a 
switch comprising a plurality of network ports and a central processing unit (CPU) interface, 
comprising: 

receiving, on one of the network ports, a packet comprising a source media access 
control (MAC) address; 

sending, to the CPU interface, a request to approve an association between the one of 
the network ports and the source MAC address when no request to approve the association 
between the one of the network ports and the source MAC address has been sent to the CPU 
interface; and 

sending, to the CPU interface, the request to approve the association between the one 
of the network ports and the source MAC address when an association between the source 
MAC address and a different one of the network ports has been approved. 

67. The computer program of claim 66, further comprising: 

determining whether an association exists between any of the network ports and the 
source MAC address. 
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68. The computer program of claim 67, wherein determining whether an 
association exists between any of the network ports and the source MAC address comprises: 

searching a forwarding database for the source MAC address. 

69. The computer program of claim 66, further comprising: 

determining whether no request to approve the association between the one of the 
network ports and the source MAC address has been sent to the CPU interface. 

70. The computer program of claim 69, wherein determining whether no request 
to approve the association between the one of the network ports and the source MAC address 
has been sent to the CPU interface comprises: 

determining whether an unapproved association between the one of the network ports 
and the source MAC address exists. 

7 1 . The computer program of claim 70, wherein determining whether the 
unapproved association between the one of the network ports and the source MAC address 
exists comprises: 

determining whether the association between the one of the network ports and the 
source MAC address exists; and 

when the association between the one of the network ports and the source MAC 
address exists, determining whether the association between the one of the network ports and 
the source MAC address is approved. 

72. The computer program of claim 7 1 , wherein determining whether the 
association between the one of the network ports and the source MAC address exists 
comprises: 

searching a forwarding database for an entry comprising the source MAC address. 
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73. The computer program of claim 72, wherein determining whether the 
association between the one of the network ports and the source MAC address is approved 
comprises: 

determining whether an approval flag is set for the entry comprising the source MAC 
address. 

74. The computer program of claim 66, further comprising: 

creating an unapproved association between the one of the network ports and the 
source MAC address. 

75. The computer program of claim 74, wherein creating the unapproved 
association between the one of the network ports and the source MAC address comprises: 

creating the association between the one of the network ports and the source MAC 
address; and 

marking the association between the one of the network ports and the source MAC 
address as unapproved. 

76. The computer program of claim 75, wherein creating the association between 
the one of the network ports and the source MAC address comprises: 

creating an entry in a forwarding database, the entry identifying the one of the 
network ports and the source MAC address. 

77. The computer program of claim 76, wherein marking the association between 
the one of the network ports and the source MAC address as unapproved comprises: 

setting an approval flag for the entry. 

78. The computer program of claim 77, further comprising: 
receiving, from the CPU interface, in response to the request to approve the 

association between the one of the network ports and the source MAC address, an approval 
of the association between the one of the network ports and the source MAC address; and 
clearing the approval flag for the entry. 
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79. The computer program of claim 77, further comprising: 
receiving, from the CPU interface, in response to the request to approve the 

association between the one of the network ports and the source MAC address, a disapproval 
5 of the association between the one of the network ports and the source MAC address; and 
deleting the entry. 

80. The computer program of claim 74, further comprising: 
receiving, from the CPU interface, in response to the request to approve the 

10 association between the one of the network ports and the source MAC address, an approval 
of the association between the one of the network ports and the source MAC address; and 

approving the unapproved association between the one of the network ports and the 
source MAC address. 

8 1 . The computer program of claim 74, further comprising: 
receiving, from the CPU interface, in response to the request to approve the 

association between the one of the network ports and the source MAC address, a disapproval 
of the association between the one of the network ports and the source MAC address; and 
deleting the unapproved association between the one of the network ports and the 
source MAC address. 

82. The computer program of claim 66, wherein the packet further comprises a 
destination MAC address, further comprising: 

processing the packet according to the destination MAC address when an association 
25 between the destination MAC address and a further one of the network ports exists and the 
association between the destination MAC address and the further one of the network ports 
has been approved; and 

processing the packet without regard to the destination MAC address when no 
association between the destination MAC address and any of the network ports exists; and 
30 processing the packet without regard to the destination MAC address when the 

association between the destination MAC address and the further one of the network ports 
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exists but the association between the destination MAC address and the further one of the 
network ports has not been approved. 

83. The computer program of claim 82, wherein processing the packet according 
to the destination MAC address comprises: 

transmitting the packet from the further one of the network ports. 



84. The computer program of claim 82, wherein processing the packet without 
regard to the destination MAC address comprises: 

transmitting the packet from all of the network ports but the one of the network ports. 
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